nymtech · simonwicky · Apr 17, 2024 · Apr 17, 2024 · Apr 19, 2024 · Apr 29, 2024
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/clients/native/Cargo.toml b/clients/native/Cargo.toml
@@ -25,7 +25,7 @@ bs58 = { workspace = true }
 clap = { workspace = true, features = ["cargo", "derive"] }
 dirs = "4.0"
 log = { workspace = true } # self explanatory
-rand = { version = "0.7.3", features = ["wasm-bindgen"] } # rng-related traits + some rng implementation to use
+rand = { workspace = true }
 serde = { workspace = true, features = ["derive"] } # for config serialization/deserialization
 serde_json = { workspace = true }
 thiserror = { workspace = true }

diff --git a/clients/socks5/Cargo.toml b/clients/socks5/Cargo.toml
@@ -16,7 +16,7 @@ serde_json = { workspace = true }
 tap = "1.0.1"
 thiserror = { workspace = true }
 tokio = { version = "1.24.1", features = ["rt-multi-thread", "net", "signal"] }
-rand = "0.7.3"
+rand = { workspace = true }
 time = { workspace = true }
 url = { workspace = true }
 zeroize = { workspace = true }

diff --git a/common/bandwidth-controller/Cargo.toml b/common/bandwidth-controller/Cargo.toml
@@ -9,7 +9,7 @@ license.workspace = true
 [dependencies]
 bip39 = { workspace = true }
 log = { workspace = true }
-rand = "0.7.3"
+rand = { workspace = true }
 thiserror = { workspace = true }
 url = { workspace = true }
 zeroize = { workspace = true }

diff --git a/common/client-core/Cargo.toml b/common/client-core/Cargo.toml
@@ -17,7 +17,7 @@ clap = { workspace = true, optional = true }
 futures = { workspace = true }
 humantime-serde = { workspace = true }
 log = { workspace = true }
-rand = { version = "0.7.3", features = ["wasm-bindgen"] }
+rand = { workspace = true }
 serde = { workspace = true, features = ["derive"] }
 serde_json = { workspace = true }
 sha2 = "0.10.6"

diff --git a/common/client-libs/gateway-client/Cargo.toml b/common/client-libs/gateway-client/Cargo.toml
@@ -14,7 +14,7 @@ futures = { workspace = true }
 log = { workspace = true }
 thiserror = { workspace = true }
 url = { workspace = true }
-rand = { version = "0.7.3", features = ["wasm-bindgen"] }
+rand = { workspace = true }
 tokio = { version = "1.24.1", features = ["macros"] }
 si-scale = "0.2.2"
 time.workspace = true

diff --git a/common/credentials/Cargo.toml b/common/credentials/Cargo.toml
@@ -23,5 +23,5 @@ nym-api-requests = { path = "../../nym-api/nym-api-requests" }
 nym-validator-client = { path = "../client-libs/validator-client", default-features = false }
 
 [dev-dependencies]
-rand = "0.7.3"
+rand = "0.8.5"
 
@@ -17,9 +17,9 @@ generic-array = { workspace = true, optional = true }
 hkdf = { version = "0.12.3", optional = true }
 hmac = { version = "0.12.1", optional = true }
 cipher = { version = "0.4.3", optional = true }
-x25519-dalek = { version = "1.1", optional = true }
-ed25519-dalek = { version = "1.0", optional = true }
-rand = { version = "0.7.3", features = ["wasm-bindgen"], optional = true }
+x25519-dalek = { version = "2.0.0", optional = true }
+ed25519-dalek = { version = "2.1", features = ["rand_core"], optional = true }
+rand = { version = "0.8.5", optional = true }
 serde_bytes = { version = "0.11.6", optional = true }
 serde_crate = { version = "1.0", optional = true, default_features = false, features = ["derive"], package = "serde" }
 subtle-encoding = { version = "0.5", features =  ["bech32-preview"]}
@@ -31,7 +31,7 @@ nym-sphinx-types = { path = "../nymsphinx/types", version = "0.2.0", default-fea
 nym-pemstore = { path = "../../common/pemstore", version = "0.3.0" }
 
 [dev-dependencies]
-rand_chacha = "0.2"
+rand_chacha = "0.3"
 
 [features]
 default = ["sphinx"]

@@ -56,7 +56,7 @@ pub struct KeyPair {
 impl KeyPair {
     #[cfg(feature = "rand")]
     pub fn new<R: RngCore + CryptoRng>(rng: &mut R) -> Self {
-        let private_key = x25519_dalek::StaticSecret::new(rng);
+        let private_key = x25519_dalek::StaticSecret::random_from_rng(rng);
         let public_key = (&private_key).into();
 
         KeyPair {
@@ -203,7 +203,7 @@ impl<'a> From<&'a PrivateKey> for PublicKey {
 impl PrivateKey {
     #[cfg(feature = "rand")]
     pub fn new<R: RngCore + CryptoRng>(rng: &mut R) -> Self {
-        let x25519_secret = x25519_dalek::StaticSecret::new(rng);
+        let x25519_secret = x25519_dalek::StaticSecret::random_from_rng(rng);
 
         PrivateKey(x25519_secret)
     }
@@ -322,9 +322,7 @@ impl<'a> From<&'a PrivateKey> for nym_sphinx_types::PrivateKey {
 #[cfg(feature = "sphinx")]
 impl From<nym_sphinx_types::PrivateKey> for PrivateKey {
     fn from(private_key: nym_sphinx_types::PrivateKey) -> Self {
-        let private_key_bytes = private_key.to_bytes();
-        assert_eq!(private_key_bytes.len(), PRIVATE_KEY_SIZE);
-        Self::from_bytes(&private_key_bytes).unwrap()
+        Self(private_key)
     }
 }
 
@@ -366,7 +364,7 @@ mod sphinx_key_conversion {
     #[test]
     fn works_for_backward_conversion() {
         for _ in 0..NUM_ITERATIONS {
-            let (sphinx_private, sphinx_public) = nym_sphinx_types::crypto::keygen();
+            let (sphinx_private, sphinx_public) = nym_sphinx_types::test_utils::fixtures::keygen();
 
             let private_bytes = sphinx_private.to_bytes();
             let public_bytes = sphinx_public.as_bytes();

@@ -1,8 +1,8 @@
 // Copyright 2021-2023 - Nym Technologies SA <[email protected]>
 // SPDX-License-Identifier: Apache-2.0
 
-pub use ed25519_dalek::ed25519::signature::Signature as SignatureTrait;
 pub use ed25519_dalek::SignatureError;
+use ed25519_dalek::{Signer, SigningKey};
 pub use ed25519_dalek::{Verifier, PUBLIC_KEY_LENGTH, SECRET_KEY_LENGTH, SIGNATURE_LENGTH};
 use nym_pemstore::traits::{PemStorableKey, PemStorableKeyPair};
 use std::fmt::{self, Display, Formatter};
@@ -30,6 +30,9 @@ pub enum Ed25519RecoveryError {
     #[error(transparent)]
     MalformedBytes(#[from] SignatureError),
 
+    #[error(transparent)]
+    BytesLengthError(#[from] std::array::TryFromSliceError),
+
     #[error("the base58 representation of the public key was malformed - {source}")]
     MalformedPublicKeyString {
         #[source]
@@ -64,11 +67,11 @@ pub struct KeyPair {
 impl KeyPair {
     #[cfg(feature = "rand")]
     pub fn new<R: RngCore + CryptoRng>(rng: &mut R) -> Self {
-        let ed25519_keypair = ed25519_dalek::Keypair::generate(rng);
+        let ed25519_signing_key = ed25519_dalek::SigningKey::generate(rng);
 
         KeyPair {
-            private_key: PrivateKey(ed25519_keypair.secret),
-            public_key: PublicKey(ed25519_keypair.public),
+            private_key: PrivateKey(ed25519_signing_key.to_bytes()),
+            public_key: PublicKey(ed25519_signing_key.verifying_key()),
         }
     }
 
@@ -109,7 +112,7 @@ impl PemStorableKeyPair for KeyPair {
 
 /// ed25519 EdDSA Public Key
 #[derive(Debug, Copy, Clone, Eq, PartialEq)]
-pub struct PublicKey(ed25519_dalek::PublicKey);
+pub struct PublicKey(ed25519_dalek::VerifyingKey);
 
 impl Display for PublicKey {
     fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result {
@@ -135,7 +138,9 @@ impl PublicKey {
     }
 
     pub fn from_bytes(b: &[u8]) -> Result<Self, Ed25519RecoveryError> {
-        Ok(PublicKey(ed25519_dalek::PublicKey::from_bytes(b)?))
+        Ok(PublicKey(ed25519_dalek::VerifyingKey::from_bytes(
+            b.try_into()?,
+        )?))
     }
 
     pub fn to_base58_string(self) -> String {
@@ -189,7 +194,7 @@ impl<'d> Deserialize<'d> for PublicKey {
     where
         D: Deserializer<'d>,
     {
-        Ok(PublicKey(ed25519_dalek::PublicKey::deserialize(
+        Ok(PublicKey(ed25519_dalek::VerifyingKey::deserialize(
             deserializer,
         )?))
     }
@@ -223,14 +228,14 @@ impl Display for PrivateKey {
 
 impl<'a> From<&'a PrivateKey> for PublicKey {
     fn from(pk: &'a PrivateKey) -> Self {
-        PublicKey((&pk.0).into())
+        PublicKey(SigningKey::from_bytes(&pk.0).verifying_key())
     }
 }
 
 impl PrivateKey {
     #[cfg(feature = "rand")]
     pub fn new<R: RngCore + CryptoRng>(rng: &mut R) -> Self {
-        let ed25519_secret = ed25519_dalek::SecretKey::generate(rng);
+        let ed25519_secret = ed25519_dalek::SigningKey::generate(rng).to_bytes();
 
         PrivateKey(ed25519_secret)
     }
@@ -240,11 +245,11 @@ impl PrivateKey {
     }
 
     pub fn to_bytes(&self) -> [u8; SECRET_KEY_LENGTH] {
-        self.0.to_bytes()
+        self.0
     }
 
     pub fn from_bytes(b: &[u8]) -> Result<Self, Ed25519RecoveryError> {
-        Ok(PrivateKey(ed25519_dalek::SecretKey::from_bytes(b)?))
+        Ok(PrivateKey(b.try_into()?))
     }
 
     pub fn to_base58_string(&self) -> String {
@@ -259,9 +264,8 @@ impl PrivateKey {
     }
 
     pub fn sign<M: AsRef<[u8]>>(&self, message: M) -> Signature {
-        let expanded_secret_key = ed25519_dalek::ExpandedSecretKey::from(&self.0);
-        let public_key: PublicKey = self.into();
-        let sig = expanded_secret_key.sign(message.as_ref(), &public_key.0);
+        let signing_key: SigningKey = self.0.into();
+        let sig = signing_key.sign(message.as_ref());
         Signature(sig)
     }
 
@@ -330,7 +334,9 @@ impl Signature {
     }
 
     pub fn from_bytes(bytes: &[u8]) -> Result<Self, Ed25519RecoveryError> {
-        Ok(Signature(ed25519_dalek::Signature::from_bytes(bytes)?))
+        Ok(Signature(ed25519_dalek::Signature::from_bytes(
+            bytes.try_into()?,
+        )))
     }
 }
 

@@ -3,11 +3,11 @@
 
 use crate::asymmetric::encryption;
 use crate::hkdf;
+#[cfg(feature = "rand")]
+use cipher::crypto_common::rand_core::{CryptoRng, RngCore};
 use cipher::{Key, KeyIvInit, StreamCipher};
 use digest::crypto_common::BlockSizeUser;
 use digest::Digest;
-#[cfg(feature = "rand")]
-use rand::{CryptoRng, RngCore};
 
 /// Generate an ephemeral encryption keypair and perform diffie-hellman to establish
 /// shared key with the remote.

diff --git a/common/mixnode-common/src/packet_processor/processor.rs b/common/mixnode-common/src/packet_processor/processor.rs
@@ -242,7 +242,7 @@ impl SphinxPacketProcessor {
 #[cfg(test)]
 mod tests {
     use super::*;
-    use nym_sphinx_types::crypto::keygen;
+    use nym_sphinx_types::test_utils::fixtures::keygen;
 
     fn fixture() -> SphinxPacketProcessor {
         let local_keys = keygen();

diff --git a/common/node-tester-utils/Cargo.toml b/common/node-tester-utils/Cargo.toml
@@ -8,7 +8,7 @@ license.workspace = true
 
 [dependencies]
 futures = { workspace = true }
-rand = "0.7.3"
+rand = { workspace = true }
 
 serde = { workspace = true }
 serde_json = { workspace = true }

@@ -9,8 +9,8 @@ repository = { workspace = true }
 
 [dependencies]
 log = { workspace = true }
-rand = { version = "0.7.3", features = ["wasm-bindgen"] }
-rand_distr = "0.3"
+rand = { workspace = true }
+rand_distr = "0.4"
 thiserror = { workspace = true }
 
 nym-sphinx-acknowledgements = { path = "acknowledgements" }

@@ -8,7 +8,7 @@ license = { workspace = true }
 repository = { workspace = true }
 
 [dependencies]
-rand = { version = "0.7.3", features = ["wasm-bindgen"] }
+rand = { workspace = true }
 serde_crate = { version = "1.0", optional = true, default_features = false, features = ["derive"], package = "serde" }
 generic-array = { workspace = true, optional = true, features = ["serde"] }
 thiserror = { workspace = true }

@@ -14,5 +14,5 @@ serde = "1.0" # implementing serialization/deserialization for some types, like
 thiserror = { workspace = true }
 
 [dev-dependencies]
-rand = "0.7"
+rand = "0.8.5"
 nym-crypto = { path = "../../crypto", features = ["rand"] }
@@ -8,7 +8,7 @@ license = { workspace = true }
 repository = { workspace = true }
 
 [dependencies]
-rand = { version = "0.7.3", features = ["wasm-bindgen"] }
+rand = { workspace = true }
 bs58 = { workspace = true }
 serde = { workspace = true }
 thiserror = { workspace = true }
@@ -24,4 +24,4 @@ nym-topology = { path = "../../topology" }
 version = "0.2.83"
 
 [dev-dependencies]
-rand_chacha = "0.2"
+rand_chacha = "0.3"
@@ -570,7 +570,7 @@ mod tests {
             let mut address_bytes = [0; NODE_ADDRESS_LENGTH];
             rng.fill_bytes(&mut address_bytes);
 
-            let dummy_private = PrivateKey::new_with_rng(rng);
+            let dummy_private = PrivateKey::random_from_rng(rng);
             let pub_key = (&dummy_private).into();
             Node {
                 address: NodeAddressBytes::from_bytes(address_bytes),

@@ -11,7 +11,7 @@ repository = { workspace = true }
 
 [dependencies]
 log = { workspace = true }
-rand = { version = "0.7.3", features = ["wasm-bindgen"] }
+rand = { workspace = true }
 thiserror = { workspace = true }
 
 nym-sphinx-addressing = { path = "../addressing" }

@@ -8,7 +8,7 @@ license = { workspace = true }
 repository = { workspace = true }
 
 [dependencies]
-rand = { version = "0.7.3", features = ["wasm-bindgen"] }
+rand = { workspace = true }
 thiserror = { workspace = true }
 
 nym-crypto = { path = "../../crypto" }

@@ -130,28 +130,28 @@ impl Decoder for NymCodec {
 mod packet_encoding {
     use super::*;
     use nym_sphinx_types::{
-        crypto, Delay as SphinxDelay, Destination, DestinationAddressBytes, Node, NodeAddressBytes,
-        DESTINATION_ADDRESS_LENGTH, IDENTIFIER_LENGTH, NODE_ADDRESS_LENGTH,
+        test_utils, Delay as SphinxDelay, Destination, DestinationAddressBytes, Node,
+        NodeAddressBytes, DESTINATION_ADDRESS_LENGTH, IDENTIFIER_LENGTH, NODE_ADDRESS_LENGTH,
     };
 
     fn make_valid_outfox_packet(size: PacketSize) -> NymPacket {
-        let (_, node1_pk) = crypto::keygen();
+        let (_, node1_pk) = test_utils::fixtures::keygen();
         let node1 = Node::new(
             NodeAddressBytes::from_bytes([5u8; NODE_ADDRESS_LENGTH]),
             node1_pk,
         );
-        let (_, node2_pk) = crypto::keygen();
+        let (_, node2_pk) = test_utils::fixtures::keygen();
         let node2 = Node::new(
             NodeAddressBytes::from_bytes([4u8; NODE_ADDRESS_LENGTH]),
             node2_pk,
         );
-        let (_, node3_pk) = crypto::keygen();
+        let (_, node3_pk) = test_utils::fixtures::keygen();
         let node3 = Node::new(
             NodeAddressBytes::from_bytes([2u8; NODE_ADDRESS_LENGTH]),
             node3_pk,
         );
 
-        let (_, node4_pk) = crypto::keygen();
+        let (_, node4_pk) = test_utils::fixtures::keygen();
         let node4 = Node::new(
             NodeAddressBytes::from_bytes([2u8; NODE_ADDRESS_LENGTH]),
             node4_pk,
@@ -170,17 +170,17 @@ mod packet_encoding {
     }
 
     fn make_valid_sphinx_packet(size: PacketSize) -> NymPacket {
-        let (_, node1_pk) = crypto::keygen();
+        let (_, node1_pk) = test_utils::fixtures::keygen();
         let node1 = Node::new(
             NodeAddressBytes::from_bytes([5u8; NODE_ADDRESS_LENGTH]),
             node1_pk,
         );
-        let (_, node2_pk) = crypto::keygen();
+        let (_, node2_pk) = test_utils::fixtures::keygen();
         let node2 = Node::new(
             NodeAddressBytes::from_bytes([4u8; NODE_ADDRESS_LENGTH]),
             node2_pk,
         );
-        let (_, node3_pk) = crypto::keygen();
+        let (_, node3_pk) = test_utils::fixtures::keygen();
         let node3 = Node::new(
             NodeAddressBytes::from_bytes([2u8; NODE_ADDRESS_LENGTH]),
             node3_pk,

@@ -8,7 +8,7 @@ license = { workspace = true }
 repository = { workspace = true }
 
 [dependencies]
-sphinx-packet = { version = "0.1.0", optional = true }
+sphinx-packet = { version = "0.2.0", optional = true }
 nym-outfox = { path = "../../../nym-outfox", optional = true }
 thiserror = { workspace = true }